CVE-2025-69219

EPSS 0.02%
Veröffentlicht 09.03.2026 10:19:58
Zuletzt bearbeitet 10.03.2026 18:58:35
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low.

You should upgrade to version 6.0.0 of the provider to avoid even that risk.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Airflow Providers Http Version >= 5.1.0 < 6.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-913 Improper Control of Dynamically-Managed Code Resources

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

https://github.com/apache/airflow/pull/61662

Patch

Issue Tracking

https://lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/09/1

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-69219

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69219

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69219

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-69219